CVE-2020-5852
First published: Tue Jan 14 2020(Updated: )
Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Big-ip Local Traffic Manager | =11.5.4.2.74.291 | |
| F5 Big-ip Local Traffic Manager | =12.1.4.1.0.97.6 | |
| F5 Big-ip Local Traffic Manager | =14.1.2.1.0.83.4 | |
| F5 BIG-IP Advanced Firewall Manager | =11.5.4.2.74.291 | |
| F5 BIG-IP Advanced Firewall Manager | =12.1.4.1.0.97.6 | |
| F5 BIG-IP Advanced Firewall Manager | =14.1.2.1.0.83.4 | |
| F5 Big-ip Application Acceleration Manager | =11.5.4.2.74.291 | |
| F5 Big-ip Application Acceleration Manager | =12.1.4.1.0.97.6 | |
| F5 Big-ip Application Acceleration Manager | =14.1.2.1.0.83.4 | |
| F5 BIG-IP Analytics | =11.5.4.2.74.291 | |
| F5 BIG-IP Analytics | =12.1.4.1.0.97.6 | |
| F5 BIG-IP Analytics | =14.1.2.1.0.83.4 | |
| F5 BIG-IP Access Policy Manager | =11.5.4.2.74.291 | |
| F5 BIG-IP Access Policy Manager | =12.1.4.1.0.97.6 | |
| F5 BIG-IP Access Policy Manager | =14.1.2.1.0.83.4 | |
| F5 BIG-IP Application Security Manager | =11.5.4.2.74.291 | |
| F5 BIG-IP Application Security Manager | =12.1.4.1.0.97.6 | |
| F5 BIG-IP Application Security Manager | =14.1.2.1.0.83.4 | |
| F5 Big-ip Edge Gateway | =11.5.4.2.74.291 | |
| F5 Big-ip Edge Gateway | =12.1.4.1.0.97.6 | |
| F5 Big-ip Edge Gateway | =14.1.2.1.0.83.4 | |
| F5 Big-ip Fraud Protection Service | =11.5.4.2.74.291 | |
| F5 Big-ip Fraud Protection Service | =12.1.4.1.0.97.6 | |
| F5 Big-ip Fraud Protection Service | =14.1.2.1.0.83.4 | |
| F5 Big-ip Global Traffic Manager | =11.5.4.2.74.291 | |
| F5 Big-ip Global Traffic Manager | =12.1.4.1.0.97.6 | |
| F5 Big-ip Global Traffic Manager | =14.1.2.1.0.83.4 | |
| F5 Big-ip Link Controller | =11.5.4.2.74.291 | |
| F5 Big-ip Link Controller | =12.1.4.1.0.97.6 | |
| F5 Big-ip Link Controller | =14.1.2.1.0.83.4 | |
| F5 Big-ip Policy Enforcement Manager | =11.5.4.2.74.291 | |
| F5 Big-ip Policy Enforcement Manager | =12.1.4.1.0.97.6 | |
| F5 Big-ip Policy Enforcement Manager | =14.1.2.1.0.83.4 | |
| F5 Big-ip Webaccelerator | =11.5.4.2.74.291 | |
| F5 Big-ip Webaccelerator | =12.1.4.1.0.97.6 | |
| F5 Big-ip Webaccelerator | =14.1.2.1.0.83.4 | |
| F5 Big-ip Domain Name System | =11.5.4.2.74.291 | |
| F5 Big-ip Domain Name System | =12.1.4.1.0.97.6 | |
| F5 Big-ip Domain Name System | =14.1.2.1.0.83.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-5852.
What is the severity of CVE-2020-5852?
The severity of CVE-2020-5852 is high with a severity value of 7.5.
Which software versions are affected by CVE-2020-5852?
CVE-2020-5852 affects F5 Big-IP Local Traffic Manager versions 11.5.4.2.74.291, 12.1.4.1.0.97.6, and 14.1.2.1.0.83.4, as well as other F5 products.
How does CVE-2020-5852 impact the system?
CVE-2020-5852 can cause a disruption of service to the Traffic Management Microkernel (TMM) due to undisclosed traffic patterns received.
Is there a fix available for CVE-2020-5852?
Yes, F5 has released a security advisory with instructions on how to mitigate the vulnerability. Please refer to the official F5 support article for more information.
- collector/nvd-index
- vendor/f5
- product/big-ip local traffic manager
- canonical/f5 big-ip local traffic manager
- product/big-ip advanced firewall manager
- canonical/f5 big-ip advanced firewall manager
- product/big-ip application acceleration manager
- canonical/f5 big-ip application acceleration manager
- product/big-ip analytics
- canonical/f5 big-ip analytics
- product/big-ip access policy manager
- canonical/f5 big-ip access policy manager
- product/big-ip application security manager
- canonical/f5 big-ip application security manager
- product/big-ip edge gateway
- canonical/f5 big-ip edge gateway
- product/big-ip fraud protection service
- canonical/f5 big-ip fraud protection service
- product/big-ip global traffic manager
- canonical/f5 big-ip global traffic manager
- product/big-ip link controller
- canonical/f5 big-ip link controller
- product/big-ip policy enforcement manager
- canonical/f5 big-ip policy enforcement manager
- product/big-ip webaccelerator
- canonical/f5 big-ip webaccelerator
- product/big-ip domain name system
- canonical/f5 big-ip domain name system